I now offer an online course on Cloud Security Basics under the auspices of the University of Minnesota and hosted by Coursera. I am still working on three subsequent courses to fill out a 4-part specialization in Cloud Security. I'm looking at online courses as an alternative to writing books.
Unlike members of the insect family, computer software bugs live forever. Software security bugs (well, flaws) are especially troubling since they demand respect from every software developer now and forever. We want to believe we can "eradicate" software flaws through reviews, testing, and vigilance. Eradication is a myth. A flaw's spores simply go dormant to... Continue Reading →
[This post has been UPDATED three times since first published, most recently on Nov 14, 2019] Occasionally in the news (and more often in spy fiction) people pass around super-secret documents marked "Eyes Only." The United Kingdom and Canada use "Eyes Only" to indicate specific countries with whom a document may be shared. "UK Eyes... Continue Reading →
Wireless Protected Access, Version 2 (WPA2) is the version of Wi-Fi security used in most cases today. This diagram illustrates the general layout of the security data used by WPA2. There's a new version coming out, WPA3, but it doesn't seem to be in any products yet. I put this diagram together several years ago... Continue Reading →
I was online chatting at a web site to repair my lawn tractor. Once I finished, I said, "So you're a chatbot. Cool." I'm sure I was talking to a chatbot program and not a human. The reply was a brief but emphatic "No!" I'm not sure how to interpret that. Will a company be... Continue Reading →
Thanks to my former publisher, Addison-Wesley nee-Pearson Education, I can post several chapters of my favorite writing project: Authentication: From Passwords to Public Keys. I'm including these chapters as material for the Cloud Cybersecurity course I'm doing at the University of Minnesota for Coursera. The book was published in 2001, and it's based on solid,... Continue Reading →
Maciej Cegłowski has published a long, practical, insightful, and witty article on his experiences with political campaign security. He wisely focuses on a handful of steps to narrow the attack surface with the fewest tools and techniques. This should be a Coursera course, or a series of short videos.
A few years ago I moved my private library to the cloud. It uses Calibre to catalog my books, and the Open Publication Distribution System (OPDS) to provide an Internet-capable catalog. OPDS is built in to a lot of publisher-independent e-reader software. My e-readers can generally retrieve books from Internet hosts that provide OPDS. My... Continue Reading →
Every cybersecurity professional knows - and almost certainly owns - this book. Ross Anderson published the first edition back around 2001. He's starting a third edition and is using an on-line collaborative model for developing revisions. He has already posted drafts of a few revised chapters. Ross recently pointed out a disappointing result from Edward... Continue Reading →